Principle:Protectai Llm guard Vault State Management
| Knowledge Sources | |
|---|---|
| Domains | Security, Data_Privacy, State_Management |
| Last Updated | 2026-02-14 12:00 GMT |
Overview
A stateful storage pattern that maintains bidirectional mappings between anonymized placeholders and their original values across the input-output scanning boundary.
Description
Vault state management solves the fundamental challenge of reversible anonymization in LLM pipelines. When PII is detected in a prompt and replaced with placeholders (e.g., [REDACTED_PERSON_1]), the mapping between placeholder and original value must be preserved so that the LLM's response can be deanonymized after scanning. The vault acts as shared mutable state between the Anonymize input scanner and the Deanonymize output scanner.
This pattern is essential because the anonymization and deanonymization steps are separated by an external LLM API call, requiring a persistent store that bridges the two phases.
Usage
Use this principle whenever implementing reversible data transformation pipelines where a transformation applied to input must be undone on the corresponding output. In LLM Guard, the vault is required whenever both Anonymize and Deanonymize scanners are used together.
Theoretical Basis
The vault implements a simple tuple store pattern:
# Pseudocode for vault-based reversible anonymization
vault = TupleStore()
# During anonymization (input scanning)
for entity in detected_entities:
placeholder = generate_placeholder(entity.type, index)
vault.append((placeholder, entity.original_value))
text = text.replace(entity.span, placeholder)
# During deanonymization (output scanning)
for placeholder, original in vault.get():
output = output.replace(placeholder, original)
The vault supports duplicate detection via placeholder_exists to avoid storing the same mapping twice when identical entities appear multiple times in the same prompt.